Unable to delete an account from the global user

Article ID: 207930

Products

CA Identity Manager

Issue/Introduction

The role is not assigned to the global user in Provisioning Manager, and there is an account correlated with the global user even though the account does not exist on the endpoint.

I want to delete this account, but when I execute "Remove Account from user" for it, the following error occurs and the account cannot be deleted.

User Account 'Account_Name' on 'Endpoint_Name' read failed: DB Read failed: No such object

Cause

The account has been deleted from the Provisioning Directory, but its Inclusion entry still remains.

Environment

Release : 14.x

Component : IdentityMinder(Identity Manager)

Resolution

Check whether the “Inclusion” entry still exists at the following location for an ADS endpoint account.

For other endpoint types, check for the eTInclusionID under the corresponding “etSubordinateClass”.

eTInclusionID=xxxxxxxxxxxxxxxxx,etSubordinateClass=eTDYNAccount,eTSuperiorClass=eTGlobalUser,eTInclusionContainerName=Inclusions,eTNamespaceName=CommonObject,dc=im,dc=eta

The eTInclusionID=xxxxxxxxxxxxxxxxx value has the form "Global User's eTID @ Endpoint Account's eTID".

If the endpoint account does not exist in the Provisioning Directory but the correlation between the global user and the endpoint account still exists as an Inclusion, delete that correlation entry (eTInclusionID) with an LDAP command or an LDAP browser such as JXplorer.
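
One way to script the check-then-delete step with the OpenLDAP client tools, as an added example that is not vendor code. Assumptions: the two eTIDs are joined by "@" with no spaces, eTIDs contain only letters, digits, "-" and "_", and LDAP_URI and BIND_DN are placeholders for your Provisioning Directory connection; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not vendor code. LDAP_URI and BIND_DN are placeholders
# the operator must set; nothing is deleted unless APPLY=1.
LDAP_URI=${LDAP_URI:-ldap://PROVISIONING_DIRECTORY_HOST:PORT}
BIND_DN=${BIND_DN:-BIND_DN_PLACEHOLDER}
INCLUSION_SUFFIX='eTSuperiorClass=eTGlobalUser,eTInclusionContainerName=Inclusions,eTNamespaceName=CommonObject,dc=im,dc=eta'

# Reject empty values and anything that could change the DN structure
# (commas, equals signs, spaces). Assumed character set; relax if needed.
valid_component() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# inclusion_dn GLOBAL_USER_ETID ACCOUNT_ETID [SUBORDINATE_CLASS]
# Prints the DN of the Inclusion entry that correlates the two objects.
inclusion_dn() {
    sub=${3:-eTDYNAccount}
    for v in "$1" "$2" "$sub"; do
        valid_component "$v" || { echo "invalid component: $v" >&2; return 1; }
    done
    printf 'eTInclusionID=%s@%s,etSubordinateClass=%s,%s\n' \
        "$1" "$2" "$sub" "$INCLUSION_SUFFIX"
}

# remove_inclusion DN
# Dry run (default): print the two commands for review.
# APPLY=1: read the entry with a base-scope search, delete only if it exists.
remove_inclusion() {
    dn=$1
    if [ "${APPLY:-0}" != 1 ]; then
        printf 'ldapsearch -x -H %s -D %s -W -LLL -s base -b "%s" "(objectClass=*)" dn\n' \
            "$LDAP_URI" "$BIND_DN" "$dn"
        printf 'ldapdelete -x -H %s -D %s -W "%s"\n' "$LDAP_URI" "$BIND_DN" "$dn"
        return 0
    fi
    ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W -LLL -s base -b "$dn" \
        '(objectClass=*)' dn >/dev/null || { echo "not found: $dn" >&2; return 1; }
    ldapdelete -x -H "$LDAP_URI" -D "$BIND_DN" -W "$dn"
}
```

Export the Inclusion entry to LDIF before deleting it so the correlation can be restored if the wrong entry was targeted.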